djpbessems
/
ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

token_handler_test.go: modify a test about refresh request scopes param 

Signed-off-by: Margo Crawford <margaretc@vmware.com>
This commit is contained in:
Ryan Richard 2020-12-09 15:03:52 -08:00 committed by Margo Crawford
parent 5f6e7de785
commit 0abadddb1a
1 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
internal/oidc/token/token_handler_test.go
View File

@ -922,25 +922,25 @@ func TestRefreshGrant(t *testing.T) {
}}, }},
}, },
{ {
name: "when the refresh request removes a scope which was originally granted from the list of requested scopes then it is ignored", name: "when the refresh request removes a scope which was originally granted from the list of requested scopes then it is granted anyway",
authcodeExchange: authcodeExchangeInputs{ authcodeExchange: authcodeExchangeInputs{
modifyAuthRequest: func(r *http.Request) { r.Form.Set("scope", "openid offline_access") }, modifyAuthRequest: func(r *http.Request) { r.Form.Set("scope", "openid offline_access pinniped.sts.unrestricted") },
want: tokenEndpointResponseExpectedValues{ want: tokenEndpointResponseExpectedValues{
wantStatus: http.StatusOK, wantStatus: http.StatusOK,
wantSuccessBodyFields: []string{"id_token", "refresh_token", "access_token", "token_type", "expires_in", "scope"}, wantSuccessBodyFields: []string{"id_token", "refresh_token", "access_token", "token_type", "expires_in", "scope"},
wantRequestedScopes: []string{"openid", "offline_access"}, wantRequestedScopes: []string{"openid", "offline_access", "pinniped.sts.unrestricted"},
wantGrantedScopes: []string{"openid", "offline_access"}, wantGrantedScopes: []string{"openid", "offline_access", "pinniped.sts.unrestricted"},
}, },
}, },
refreshRequest: refreshRequestInputs{ refreshRequest: refreshRequestInputs{
modifyTokenRequest: func(r *http.Request, refreshToken string, accessToken string) { modifyTokenRequest: func(r *http.Request, refreshToken string, accessToken string) {
r.Body = happyRefreshRequestBody(refreshToken).WithScope("").ReadCloser() // TODO FIX ME. WE NEED ANOTHER VALID SCOPE ON THIS CLIENT TO WRITE THIS TEST. r.Body = happyRefreshRequestBody(refreshToken).WithScope("openid").ReadCloser() // do not ask for "pinniped.sts.unrestricted" again
}, },
want: tokenEndpointResponseExpectedValues{ want: tokenEndpointResponseExpectedValues{
wantStatus: http.StatusOK, wantStatus: http.StatusOK,
wantSuccessBodyFields: []string{"id_token", "refresh_token", "access_token", "token_type", "expires_in", "scope"}, wantSuccessBodyFields: []string{"id_token", "refresh_token", "access_token", "token_type", "expires_in", "scope"},
wantRequestedScopes: []string{"openid", "offline_access"}, wantRequestedScopes: []string{"openid", "offline_access", "pinniped.sts.unrestricted"},
wantGrantedScopes: []string{"openid", "offline_access"}, wantGrantedScopes: []string{"openid", "offline_access", "pinniped.sts.unrestricted"},
}}, }},
}, },
{ {